Hi Tony,

It only took me two days to find the email I was referencing!  It was 
direct to me rather than through orion-interest.  Here is the relevant part:

(This is what I asked)

The J2EE spec makes it clear that single sign-on for web-based applications 
should be supported (J2EE spec, section 3.4.1.1). The specification says: 
"It must be possible for one login session to span more than one 
application, allowing a user to log in once and access multiple 
applications."  Could you please explain how Orion makes this possible.  We 
are particularly interested in using form-based login with the form being 
on a secure (HTTPS) server although the application(s) may be on a 
non-secure server.

(This is what Magnus Stenman of Orion replied)

Setting up the same web-app and mark it with shared="true" should handle 
that part. (<web-app shared="true" ... /> in both sites). The sessions will 
then be shared and also the logins since login is tied to session with form 
auth. Let us know how that works out. We'll look into sharing of logins 
across different web-apps but this is not a trivial thing to do in general 
(single signon is more targeted towards SSL and basic auth in general).

Hope this helps!
Nick




At 11:37 AM 1/18/01 +0000, you wrote:

>That's interesting.  I tried using certificate based security for SSO (even
>though that doesn't *really* fit with the way we want to do things ...
>although it's better than BASIC), but it didn't seem to happen for me.
>
>Do you have a record of the correspondence you had with the Orion folks
>(regarding SSO and FORM based auth) ?  If you do, I would be most grateful
>if you could post it.  At the moment, info on this subject is really hard to
>come by.  I'm sure you guys are finding the same problem - if not, please
>tell me where all the docs are ;)
>
>Tony.
>
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Nick Newman
>Sent: 16 January 2001 17:52
>To: Orion-Interest
>Subject: RE: Single Sign On
>
>
>Hi,
>
>We had a similar problem.  The solution we came up with was to use BASIC
>authentication for all the relevant web-apps, and to specify the same
><realm-name> for each web-app.  That way, the browser supplies the required
>logins as you switch between web-apps.
>
>Yes, it would be nicer to use FORM based login, but so far as we could tell
>(with some help from the orion folk) this does not work with SSO.  They
>(orion) indicated that certificate based security was a better fit for SSO,
>as I recall.
>
>Nick
>
>At 09:53 AM 1/16/01 +0000, you wrote:
> >Gerald,
> >
> >Did you ever get any direct replies to this SSO query ?  We are trying to do
> >the same.  Maybe we could work together in some way ?
> >
> >Kind regards,
> >Tony.
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Gerald Gutierrez
> >Sent: 02 December 2000 20:09
> >To: Orion-Interest
> >Subject: Single Sign On
> >
> >
> >
> >Does Orion do any sort of single sign-on for multiple applications deployed
> >on the same application server? If so, how can one get this working?
> >
> >
>
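
The BASIC workaround described in the thread above (the same <realm-name> in every web-app), as an added example that is not part of the original messages: a standard Servlet deployment descriptor fragment to repeat in each web-app's WEB-INF/web.xml. The realm name, role name and URL pattern are constructed placeholders, and the CONFIDENTIAL transport guarantee is an assumption added here because BASIC resends the credentials with every request.

```xml
<!-- Fragment of WEB-INF/web.xml; place the same block in every web-app
     that should share the browser-cached BASIC login. -->
<web-app>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-area</web-resource-name>
      <!-- Constructed placeholder: protect the whole application. -->
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Constructed placeholder role; must exist in the container's user store. -->
      <role-name>app-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Assumption added here: require HTTPS, because BASIC sends the
           user name and password (base64, not encrypted) on every request. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <!-- Must be identical in each web-app. The browser reuses cached
         credentials for a matching realm on the same host and port, which is
         what makes switching between web-apps look like a single sign-on. -->
    <realm-name>ExampleSharedRealm</realm-name>
  </login-config>

  <security-role>
    <role-name>app-user</role-name>
  </security-role>

</web-app>
```

The browser keys cached BASIC credentials on scheme, host, port and realm, so the web-apps have to be reached through the same origin for the login to carry over.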

